Wednesday, 12 June 2013

Malware sites to block 12/6/13

This is a refresh of this list of domains and IPs controlled by what I call the " Amerika " gang, and it follows on from this B...
1 comment:

BBB Spam / trleaart.net

This fake BBB spam with a "PLAINT REPORT" (sic) leads to malware on trleaart.net : From: Better Business Bureau [mailto:rivul...
Tuesday, 11 June 2013

Amazon.com spam / goldcoinvault.com

This fake Amazon.com spam leads to malware on goldcoinvault.com : Date:      Tue, 11 Jun 2013 14:25:21 -0600 [16:25:21 EDT] From:      ...
1 comment:

Something evil on 173.255.213.171

As a follow-up to this post , the exploit server on 173.255.213.171 (Linode, US) is hosting a number of hijacked GoDaddy-registered domai...
Monday, 10 June 2013

Wells Fargo spam / Important WellsFargo Doc.exe / Important WellsFargo Docs.exe

This summary is not available. Please click here to view the post.
2 comments:
Friday, 7 June 2013

"PAYVE - Remit file" spam / CD0607213.389710762910.zip

This fake American Express Payment Network spam has a malicious attachment. Date:      Fri, 7 Jun 2013 20:41:25 +0600 [10:41:25 EDT] F...

BBB spam / pnpnews.net

This fake BBB spam leads to malware on pnpnews.net : From: Better Business Bureau [mailto:standoffzwk68@clients.bbb.com] Sent: 07 June...

Malware sites to block 7/6/13

Two IPs that look related, the first is 37.235.48.185 (Edis, Poland or Austria) which host some domains that are also found here ( 158.2...
Thursday, 6 June 2013

USPS spam / USPS_Label_861337597092.zip

This fake USPS spam contains a malicious attachment: Date:      Thu, 6 Jun 2013 10:43:56 -0500 [11:43:56 EDT] From:      USPS Express ...

NatPay "Transmission Confirmation" spam / usforclosedhomes.net

This fake NatPay spam leads to malware on usforclosedhomes.net . Version 1: Date:      Thu, 6 Jun 2013 20:53:08 +0600 [10:53:08 EDT] ...
6 comments:

Innex, Inc fake spam

Innex, Inc is a real company. This spam email message is not from Innex, Inc. From:     PURCHASING DEPARTMENT [fdmelo@fucsalud.edu.co]...
4 comments:

rxlogs.net: spam or Joe Job?

I've had nearly one hundred of these this morning. Is it a genuine spam run or a Joe Job ? Date :      Thu, 6 Jun 2013 09:44:18 -07...
Wednesday, 5 June 2013

More Champions Club Community spam

These grubby little spammers are at it again. Apparently Steve Jobs is dead. Who knew? Anyway, the originating IP is 217.174.248.194 [...
Monday, 3 June 2013

"Fiserv Secure Email Notification" spam with an encrypted, malicious ZIP attachment

This spam email contains an encrypted ZIP file with password-protected malware. Date:      Mon, 3 Jun 2013 14:11:14 -0500 [15:11:14 EDT...
1 comment:
Friday, 31 May 2013

Medfos sites to block 31/5/13

The following domains and IPs are currently being used as C&C servers by the Medfos family of trojans ( this one in particular): ...
4 comments:
Thursday, 30 May 2013

NewEgg.com spam / 174.140.171.233

This fake NewEgg.com spam leads to malware on 174.140.171.233: Date:      Thu, 30 May 2013 16:06:12 +0000 [12:06:12 EDT] From:      New...

ADP spam / 4rentconnecticut.com and 174.140.171.233

This summary is not available. Please click here to view the post.

Al Rowaad Advocates - scumbag, spammy lawyers

This scumbag law firm from the UAE advertises itself through spam. From :     Professional Lawyers in the UAE [uaelawyers@gmx.com] Repl...

Amazon.com 55 inch TV spam / ozonatorz.com

This earlier spam run about various brands of 55 inch TVs from Amazon has been updated and is now directing victims to a malware landing pa...